RHSA-2020:0962
Vulnerability from csaf_redhat - Published: 2020-03-24 11:31 - Updated: 2026-03-18 03:35Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update
Severity
Important
Notes
Topic: An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.
Security Fix(es):
* The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887)
* libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)
* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.
5.9 (Medium)
Vendor Fix
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
You must restart the JBoss server process for the update to take effect.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:0962
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
7.5 (High)
Vendor Fix
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
You must restart the JBoss server process for the update to take effect.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:0962
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network.
7.4 (High)
Vendor Fix
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
You must restart the JBoss server process for the update to take effect.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:0962
Workaround
Avoid using an OpenSSL security provider and instead use the default configuration or regular JSSE provider with 'TLS'.
A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.
7.6 (High)
Vendor Fix
Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.
You must restart the JBoss server process for the update to take effect.
For details about how to apply this update, see:
https://access.redhat.com/articles/11258
https://access.redhat.com/errata/RHSA-2020:0962
Workaround
Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251
References
Acknowledgments
Steve Zapantis
Robert Roberson
taktakdb4g
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 6, 7, and 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.\n\nSecurity Fix(es):\n\n* The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use (CVE-2019-14887) \n\n* libthrift: thrift: Endless loop when feed with specific input data (CVE-2019-0205)\n\n* libthrift: thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol (CVE-2019-0210)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, see the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2020:0962",
"url": "https://access.redhat.com/errata/RHSA-2020:0962"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/"
},
{
"category": "external",
"summary": "1764607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764607"
},
{
"category": "external",
"summary": "1764612",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764612"
},
{
"category": "external",
"summary": "1772008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008"
},
{
"category": "external",
"summary": "1807305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_0962.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update",
"tracking": {
"current_release_date": "2026-03-18T03:35:21+00:00",
"generator": {
"date": "2026-03-18T03:35:21+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.3"
}
},
"id": "RHSA-2020:0962",
"initial_release_date": "2020-03-24T11:31:04+00:00",
"revision_history": [
{
"date": "2020-03-24T11:31:04+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2020-03-24T11:31:04+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-03-18T03:35:21+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product": {
"name": "Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el6"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss EAP 7.3 for BaseOS-8",
"product": {
"name": "Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7.3::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-core@0.34.1-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-thrift@0.34.1-1.redhat_00002.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-core@0.34.1-1.redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-thrift@0.34.1-1.redhat_00002.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"product": {
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"product_id": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-core@0.34.1-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java-thrift@0.34.1-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"product_id": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-java@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"product": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"product": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"product": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"product_id": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.28-4.SP1_redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"product_id": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-thrift@0.13.0-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"product_id": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jaegertracing-jaeger-client-java@0.34.1-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"product": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"product_id": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"product_id": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64-debuginfo@1.0.9-2.SP03_redhat_00001.1.el7eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"product_id": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64-debuginfo@1.0.9-2.SP03_redhat_00001.1.el6eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"product_id": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"product": {
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"product_id": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-openssl-linux-x86_64-debuginfo@1.0.9-2.SP03_redhat_00001.1.el8eap?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src"
},
"product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src"
},
"product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch"
},
"product_reference": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 6 Server",
"product_id": "6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"relates_to_product_reference": "6Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"relates_to_product_reference": "7Server-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src"
},
"product_reference": "eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64 as a component of Red Hat JBoss EAP 7.3 for BaseOS-8",
"product_id": "8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
},
"product_reference": "eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"relates_to_product_reference": "8Base-JBEAP-7.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0205",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1764612"
}
],
"notes": [
{
"category": "description",
"text": "In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language bindings.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thrift: Endless loop when feed with specific input data",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains a vulnerable version of libthrift. However, OpenDaylight does not expose libthrift in a vulnerable way, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe thrift package in OpenShift Container Platform is installed only in Curator images in the Logging stack. The affected code is included in this package, it\u0027s functionality is not used. This vulnerability is therefore rated Low for OpenShift Container Platform.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0205"
},
{
"category": "external",
"summary": "RHBZ#1764612",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764612"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0205",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0205"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0205",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0205"
}
],
"release_date": "2019-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-24T11:31:04+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0962"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "thrift: Endless loop when feed with specific input data"
},
{
"cve": "CVE-2019-0210",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2019-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1764607"
}
],
"notes": [
{
"category": "description",
"text": "In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat OpenStack Platform ships OpenDaylight, which contains a vulnerable version of libthrift. However, OpenDaylight is not affected as this is a Golang specific problem, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe version of thrift delivered in OpenShift Container Platform is not affected by this vulnerability as it does not contain the affected code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0210"
},
{
"category": "external",
"summary": "RHBZ#1764607",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1764607"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0210",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0210"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0210",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0210"
}
],
"release_date": "2019-10-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-24T11:31:04+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0962"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "thrift: Out-of-bounds read related to TJSONProtocol or TSimpleJSONProtocol"
},
{
"cve": "CVE-2019-14887",
"cwe": {
"id": "CWE-757",
"name": "Selection of Less-Secure Algorithm During Negotiation (\u0027Algorithm Downgrade\u0027)"
},
"discovery_date": "2019-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1772008"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found when an OpenSSL security provider is used with Wildfly, the \u0027enabled-protocols\u0027 value in the Wildfly configuration isn\u0027t honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-14887"
},
{
"category": "external",
"summary": "RHBZ#1772008",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772008"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-14887",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-14887"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-14887"
}
],
"release_date": "2020-03-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-24T11:31:04+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0962"
},
{
"category": "workaround",
"details": "Avoid using an OpenSSL security provider and instead use the default configuration or regular JSSE provider with \u0027TLS\u0027.",
"product_ids": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "wildfly: The \u0027enabled-protocols\u0027 value in legacy security is not respected if OpenSSL security provider is in use"
},
{
"acknowledgments": [
{
"names": [
"Steve Zapantis",
"Robert Roberson",
"taktakdb4g"
]
}
],
"cve": "CVE-2020-1745",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"discovery_date": "2020-02-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1807305"
}
],
"notes": [
{
"category": "description",
"text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: AJP File Read/Inclusion Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-1745"
},
{
"category": "external",
"summary": "RHBZ#1807305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1745"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745"
},
{
"category": "external",
"summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/",
"url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/"
},
{
"category": "external",
"summary": "https://www.cnvd.org.cn/webinfo/show/5415",
"url": "https://www.cnvd.org.cn/webinfo/show/5415"
},
{
"category": "external",
"summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487",
"url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487"
}
],
"release_date": "2020-02-26T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2020-03-24T11:31:04+00:00",
"details": "Before applying this update, back up your existing Red Hat JBoss Enterprise Application Platform installation and deployed applications.\n\nYou must restart the JBoss server process for the update to take effect.\n\nFor details about how to apply this update, see:\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2020:0962"
},
{
"category": "workaround",
"details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251",
"product_ids": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el6eap.noarch",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.src",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"6Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el6eap.x86_64",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"7Server-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el7eap.x86_64",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-0:0.34.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-core-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-jaegertracing-jaeger-client-java-thrift-0:0.34.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-thrift-0:0.13.0-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-undertow-0:2.0.28-4.SP1_redhat_00002.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-java-0:1.0.9-2.SP03_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.src",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64",
"8Base-JBEAP-7.3:eap7-wildfly-openssl-linux-x86_64-debuginfo-0:1.0.9-2.SP03_redhat_00001.1.el8eap.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: AJP File Read/Inclusion Vulnerability"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…